On Sun, Nov 16, 2014 at 08:10:55AM +0900, Mike Hommey wrote:
> On Sat, May 17, 2014 at 11:15:20AM +0900, Mike Hommey wrote:
> > On Sat, May 17, 2014 at 02:03:18PM +1200, Chris Pearce wrote:
> > > On 5/17/2014 10:34 AM, Mike Hommey wrote:
> > > >Hi,
> > > >
> > > >As far as I can tell from what has been said so far on the subject, we
> > > >may be opting to download the CDM blob unconditionally, and run it after
> > > >user interaction.
> > > >
> > > >As I understand it, the CDM blob is going to be hosted by Adobe. I can
> > > >see a privacy issue here. Or at least, I can see that people can be
> > > >uncomfortable with this, and/or with the unconditional download of
> > > >proprietary code (however irrational that is, knowing how many non-free
> > > >blobs a browser downloads every day).
> > >
> > > The UX has not been finalized yet, and it will likely involve people from
> > > UX, who don't read this list.
> > >
> > > Firstly, the CDM will be sandboxed (using Chromium's sandbox, which uses
> > > seccomp-bpf on Linux I believe). So what the CDM can do to snoop on the
> > > users' computers is severely restricted.
> > >
> > > Or is your concern that the browser will ping some Adobe server without the
> > > user asking it to?
> >
> > Yes. Essentially, Adobe would receive a ping from all Firefox users on a
> > recent version. That doesn't sound very appealing.
> >
> > > Secondly, last I heard the plan was to XOR the downloaded blob with some
> > > string to make it non-executable until the user consents.
> >
> > I'm not convinced that would satisfy the concerns of the people who
> > don't want to have anything to do with proprietary software. It's
> > completely irrational, as, like I said, a browser will already download
> > proprietary blobs all the time, but that's a point a lot of people are
> > already doing.
>
> I hate to say I told you so, but here we are:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769716
> https://bugs.gentoo.org/show_bug.cgi?id=525810
> https://bugzilla.redhat.com/show_bug.cgi?id=1155499
>
> And that's not even an actually non-free blob being downloaded.

Well, actually, Fedora is making a case that it's non-free because of the
patent portfolio license restriction on non-commercial use.

Mike

